JOB DESCRIPTION- Duties and Responsibilities:
- Perform security architecture and design reviews, service and data flow reviews to check for security / privacy flaws and gaps and recommend remediation and/or mitigation.
- Utilize knowledge and understanding of application architecture, network design, infrastructure security and data security standards to identify findings and clearly communicate security & privacy risks and possible remediation.
- Assess and review new Low-High complexity services/projects within the domain to ensure that security and privacy architectural and application business logic issues are identified and mitigated prior to launch.
- Review Security Architecture and Design call-outs in Security Risk Assessment reports and Risk Treatment Plans for all new projects prior to cutover.
- Proactively monitor the overall project roadmap, escalates priority projects, and monitor overall compliance
- Monitors security deviations and closure of any security-related technical debts
- Ensure SLAs and PSRA activities are being tracked and updated by each SME on ServiceNow
- Tracking and follow-up closure of submitted Risk Acceptance and Security Technical debts
- Review current system security measures and recommend and implement enhancements.
- Enables and provides technical guidance to MS Resources.
- Stakeholder Management
- Conduct regular cadences with assigned domain stakeholders to review and discuss security architecture and design issues of the respective domains
- Provide guidance to project managers and project sponsors on the recommended security and privacy controls and countermeasures
- Help communicate vital information, security needs and priorities to upper management.
- Communicate identified security & privacy risks to internal stakeholders and end users within the business while supporting the response to addressing these risks.
- Act as a single point of contact for any security-related assessments under his assigned domain
- Monthly reporting of the overall PSRA compliance to all Domain/Tribe cadences Change Management
- Ensure that security risk management is thoroughly executed across all IT and Network Infrastructure Changes implemented on Globe Assets, Platforms, and Services.
- Assess / Review Change activities and actions implemented by different Globe technical teams to ensure that no NEW security vulnerabilities and privacy issues are potentially introduced within the Globe environment.
- Oversee, manage, and orchestrate the execution of continuous vulnerability management activities such as vulnerability assessment, patch & remediation, for all active Change Cycle activities across all Globe technical domains.
- Identify, Assess, Recommend, and Oversee the execution of appropriate risk mitigation plans for specific Change Activities such as emergency changes.
- Create, Update, and Maintain a comprehensive Security Change Management Inventory and Registry for documenting and tracking all Changes that have undergone Security Review and Assessment, aligned with the overall Asset Inventory of Security Operations.
- Qualifications:
# 2-4 years work experience in Telecom or IT (IT systems/network administration, preferably hands-on experience in Server Operating Systems (Windows, UNIX/Linux) or network devices; IT security systems administration (Firewall/VPN, Intrusion Prevention Systems, Antivirus/Anti-spam, URL filtering, Encryption, etc.), Network Design/Engineering/Operations/Service Management
# Working knowledge of Public Clouds i.e. AWS, GCP, etc.
# Working knowledge of Application Security
# Graduate of B.S. in Electronics and Communications Engineering, Computer Science/Engineering or any IT-related courses (should be 4-5 years course)
# Training in Information Security, ITSM, Project Management, Business Process Admin, & Quality
# Preferably has certification: CCSA/CCSE, CCNA/CCNP, MCSA/MCSE, RHCT/RHCE, CEH C. Competencies
# IT systems/network administration, preferably hands-on experience in Server Operating System (Windows, UNIX/Linux) or network devices; IT security systems administration (Firewall/VPN, Intrusion Prevention Systems, Antivirus/Anti-spam, URL filtering, Encryption, etc.)
# Application Development and/or Application Security # Systems Integration
# Telecom Network and Protocols
# IT Audit Process
# Soft Skills (Written and Oral Communication)
# Results Oriented, capable of critical thinking, decision making and accountability, participates in collaborative teamwork
# Strategic and Business Acumen, Resourceful Planning and Organizing
Job Type: Full-time
Pay: Php20,000.00 - Php30,000.00 per month
Benefits:
Schedule:
Expected Start Date: 08/19/2024
